Senior IT Security Analyst - Risk Management

The Senior IT Security Analyst -Risk Management is a highly skilled and technically proficient member of the Cybersecurity Operations team within the University of Virginia Health System Health IT (HIT) organization. This role is critical in deploying, configuring, operating, troubleshooting, and evaluating the effectiveness of a wide array of cybersecurity controls and services. The ideal candidate will have deep technical expertise and a passion for defending complex environments against evolving cyber threats.

Key Responsibilities:
Assess the effectiveness of security controls
Perform security reviews
Work with Leadership to develop a cybersecurity risk management plan
Recommend risk mitigation strategies
Conduct risk analysis of applications and systems undergoing major changes
Advise on Risk Management Framework process activities and documentation
Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks
Update security documentation to reflect current application and system security design features
Document software, network, and system deviations from implemented security postures
Recommend required actions to correct software, network, and system deviations from implemented security postures
Work with Leadership to develop cybersecurity compliance processes for external services
Work with Leadership to develop cybersecurity audit processes for external services
Work with Leadership to provide cybersecurity guidance to organizational risk governance processes
Determine if vulnerability remediation plans are in place
Develop vulnerability remediation plans
Determine if cybersecurity requirements have been successfully implemented

• Maintenance of data security tables and files used to manage for access controls and identity management systems.
• Assists with investigative process during computer security incident responses.
• Implements and maintains information security infrastructure.
• Collaborates with other HSCS teams to ensure Information Security Plan and Standards are implemented.
• Collaborates with other HSCS teams to ensure facility and physical security is implemented. Coordinates Information Security Awareness program and educational activities.
• In addition to the above job responsibilities, other duties may be assigned.

T his position will not consider candidates who require immigration sponsorship at this time or in the future.

MINIMUM REQUIREMENTS

Education: Bachelor's degree
Experience: 5-7 years relevant experience. Relevant experience may be considered in lieu of a degree.
Licensure: CISSP or HCISPP or similar preferred.

PHYSICAL DEMANDS

This is primarily a sedentary job involving extensive use of desktop computers. The job does occasionally require traveling some distance to attend meetings, and programs.

Position Compensation Range: $74,922.00 - $149,843.00 Annual

Benefits

• Comprehensive Benefits Package: Medical, Dental, and Vision Insurance
• Paid Time Off, Long-term and Short-term Disability, Retirement Savings
• Health Saving Plans, and Flexible Spending Accounts
• Certification and education support
• Generous Paid Time Off

UVA Health is a world-class Magnet Recognized academic medical center and health system with a level 1 trauma center. 2023-2024 U.S. News & World Report "Best Hospitals" guide rates UVA Health University Medical Center as "High Performing" in 5 adult specialties and 14 conditions/procedures. We are one of 70 National Cancer Institute designated cancer centers. UVA Health Children's is named by 2023-2024 U.S. News & World Report as the best children's hospital in Virginia with 9 specialties ranked among the best in the nation. Our footprint also encompasses 3 community hospitals and an integrated network of primary and specialty care clinics throughout Charlottesville, Culpeper, Northern Virginia, and beyond.